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A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 
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earned patent tenn adjustment. See 37 CFR 1.704(b). 

Status 

1 )I3 Responsive to connmunication(s) filed on 16 February 2007 , 
2a)S This action is FINAL. . 2b)n This action is non-final. 

3) n Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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4) M Claim(s) 1:9 is/are pending in the application. 

4a) Of the above claim{s) is/are withdrawn from consideration. 

5) n Claim(s) is/are allowed. 

6) E Claim(s) ii9 is/are rejected. 
?)□ Claim(s) Is/are objected to. 

8) D Claim{s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner. 

10) EI The drawing(s) filed on 22 July 2004 is/are: a)IEI accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held In abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction Is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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Priority under 35 U.S.C. § 119 

12) ^ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
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application from the International Bureau (PCT Rule 17.2(a)). 
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DETAILED ACTION 

1 . This action is in response to tlie amendment filed on 02/16/2007. 

2. Claims 1-9 have been amended; claims 1-9 are pending for consideration. 

Response to Arguments 

3. Applicant's arguments with respect to claims 1-9 have been considered but are 
moot in view of the new ground(s) of rejection. 

4. The Examiner maintains the rejections under Section 112. 

Claim Rejections - 35 USC § 112 

5. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
daiming the subject matter which the applicant regards as his invention. 

6. Claims 1 and 4-5 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

7. The following words or phrases are not clearly understood rendering the 
corresponding claims vague or indefinite: 

a) "wherein the representative of authority is inserted permanently into the 
network". The Examiner interprets this limitation as best understood. Appropriate 
correction is required. 



Claim Rejections - 35 USC § 103 
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8. The following is a quotation of 35 U.S.C. 103(a) wliich fomns the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary sl<ill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. Claims 1-9 are rejected under 35 U.S.C. 103(a) as being unpatentable over Urien 
(US 2002/0138549) (hereinafter Urien) in view of Doe et al. (US 7043643) (hereinafter 
Doe). 

10. Regarding claim 1 , Urien teaches a method of securing messages exchanged 
over a data transmission network between a server (1) and a small client (2), the small 
client comprising a smart card or a mobile communication system, wherein the small 
client does not have the resources necessary for providing security functions, the 
method being performed under the control of an authority that defines message 
exchange rules, the method comprising providing control in a decentralized manner by 
a representative (3) of the authority, and setting up communication between the client 
and the server only via the representative of the authority, wherein the representative of 
the authority is inserted permanently into the network in the vicinity of the client (2) and 
between the server (1) and the client (2) during the secure exchange of messages, and 
wherein the representative of the authority translates messages transmitted between 
the server and the client and applies verifications decided on by the authority to said 
transmitted messages (Urien: see figure 6 and Abstract section and paragraphs [0043, 
0157,0153,0216-0218]). 
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Not specifically described In detail in Urien are the steps a representative of an 
authority inserted permanently between the client and the server and communication is 
set up between the client and the server only via the representative of the authority. 

However Doe, in an analogous art, teaches a representative of an authority 
inserted permanently between the client and the server and communication is set up 
between the client and the server only via the representative of the authority (Doe: see 
figure 1 item 110 and column 6 lines 45-48 and column 8 lines 34-58: item 1 10 is a hub 
that includes a card reader is equivalent to the representative of the authority, the hub 
controls the communication between a smart card and a computer). 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the Invention was made to modify the procedure in Urien by including the 
hub (i.e. the representative of the authority) in between the smart card and the computer 
(i.e. server) as taught by Doe, because such modification would solve the problems of 
the prior art to provide a convenient and portable solution to secure sensitive data and 
authenticate data integrity thereby validating the source and state of the data (Doe: 
column 2 lines 47-50). 

1 1 . Regarding claim 2, Urien in view of Doe teaches a first protocol (P) for 
exchanges between the server (1) and the representative (3) of the authority, and using 
a second protocol (P') different from the first protocol (P) for exchanges between the 
representative (3) of the authority and the client (2) (Urien: see figure 6 and paragraphs 
[0049-0051. 0077, 0083]). 
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12. Regarding claim 3, Urien in view of Doe teaches setting up a first secure channel 
(4) between the server (1) and the representative (3) of the authority, using a first key 
(Ks) known to the representative (3) of the authority and to the server (1) but not to the 
client (2), and using a first encryption algorithm (AL), and setting up a second secure 
channel (5) between the representative (3) of the authority and the client (2), using a 
second key (Kc) known to the representative (3) of the authority and to the client (2) but 
not to the server (1), and using a second encryption algorithm (AL') (Urien: see figure 6 
and paragraphs [0157, 0193, 0219, 0244-0245, 0247, 0252-0253]). 

13. Regarding claim 4, this claim has limitations that is similar to those of claim 1 , 
thus it is rejected with the same rationale applied against claim 1 above. 

14. Regarding claim 5, Urien teaches wherein the decentralized control device or 
representative (3) of the authority is a data processing microsystem secured by 
hardware, inserted pemrianently between the server (1) and the client (2) during the 
exchange of messages (Urien: see figure 6 and paragraph [0247]). 

Not specifically described in detail In Urien are the steps a representative of an 
authority inserted permanently between the client and the server and communication is 
set up between the client and the server only via the representative of the authority. 

However Doe, in an analogous art, teaches a representative of an authority 
inserted permanently between the client and the server and communication is set up 
between the client and the server only via the representative of the authority (Doe: see 
figure 1 item 110 and column 6 lines 45-48 and column 8 lines 34-58: item 1 10 is a hub 



Application/Control Number: 10/502,309 Page 6 

Art Unit: 2131 

that includes a card reader is equivalent to the representative of the authority, the hub 
controls the communication between a smart card and a computer). 

Therefore, it would have been obvious to a person having ordinary skill in the art 
at the time the invention was made to modify the procedure in Urien by including the 
hub (i.e. the representative of the authority) in between the smart card and the computer 
(i.e. server) as taught by Doe, because such modification would solve the problems of 
the prior art to provide a convenient and portable solution to secure sensitive data and 
authenticate data integrity thereby validating the source and state of the data (Doe: 
column 2 lines 47-50). 

15. Regarding claim 6, Urien in view of Doe teaches wherein: the server (1) is a data 
processing system comprising an input-output port (1a) (Urien: see figure 6 and 
Abstract section); the client (2) is a data processing microsystem comprising an input- 
output port (12) (Urien: see figure 6); the representative (3) of the authority is a data 
processing microsystem secured by hardware and comprising an interface device (13) 
(Urien: see figure 6 and Abstract section); a dedicated interface system (7) is provided, 
comprising an input-output port (8) connected to the input-output port (la) of the server 
data processing system (1), comprising a card port (9) connected to the input-output 
port (12) of the client data processing microsystem (2), comprising an input-output port 
(10) connected to the interface device (13) of the representative (3) of the authority data 
processing microsystem, and comprising a controller (11) programmed to control 
communication between the input-output ports (8), (9) and (10) (Urien: see figure 6); the 
controller (11) and the representative (3) of the authority are programmed so that: the 
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server data processing system (1) sends a request A to tlie client data processing 
microsystem (2), and that request is received by the controller (11) (Urien: see figure 6 
and paragraph [0247 and 0253]); the controller (11) transmits the request A to the 
representative (3) of the authority, which sends it back a response Ra (Urien: see figure 
6 and paragraphs [0054, 0157, 0216, 0247 and 0253]); the controller (11) uses that 
response Ra to calculate a request A' that is sent to the client data processing 
microsystem (2) (Urien: see figure 6 and paragraphs [0054, 0157, 0216, 0247 and 
0253]); the client data processing microsystem (2) processes the request A' to prepare 
a response B' (Urien: see figure 6 and paragraphs [0054, 0157, 0216, 0247 and 0253]); 
the client data processing microsystem (2) sends the response B' to the server data 
processing system (1) (Urien: see figure 6 and paragraphs [0054, 0157, 0216, 0247, 
0253]); that response is received by the controller (11); the controller (11) transmits the 
response B' to the representative (3) of the authority, which sends it back a response 
Rb (Urien: see figure 6 and paragraphs [0054, 0157, 0216, 0247 and 0253]); the 
controller (11) uses that response Rb to calculate a response B that is sent to the server 
data processing system (1) (Urien: see figure 6 and paragraphs [0054, 0157, 0216, 
0247 and 0253]). 

16. Regarding claim 7, Urien In view of Doe teaches the client (2) is a first smart 
card; the representative (3) of the authority is a second smart card; the dedicated 
interface system is a smart card reader (7) comprising two card ports (9) and (10) 
(Urien: see figure 6 and Abstract section). 
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17. Regarding claim 8, Urien in view of Doe teaches wherein: the client (2) is a 
mobile communication system; the server (1) is a data processing system 
communicating with the client (2) via a physical connection or via a wireless 
communication network; the representative (3) of the authority is a smart card 
representing the operator of the wireless communication network (known as the SIM 
card in telephones conforming to the GSM standard) (Urien: see figure 6 and Abstract 
section and paragraphs [0004 and 0087]). 

18. Regarding claim 9, Urien in view of Doe teaches the client (2) is a smart card; the 
representative (3) of the authority is a data processing system secured by hardware; the 
dedicated interface system (7) is a machine comprising a card port (9) and a dedicated 
input-output interface (10) for connection to the representative (3) of the authority data 
processing system (Urien: see figure 6 and Abstract section). 

Conclusion 

1 9. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a): 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
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shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 



Application/Control Number: 10/502,309 



Page 10 



Art Unit: 2131 

Any inquiry concerning this communication or earlier communications from tfie 
examiner should be directed to Trang Doan whose telephone number is (571) 272- 
0740. The examiner can normally be reached on Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571) 272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications Is available through Private PAIR only. 
For more Infomiatlon about the PAIR system, see http://pair-dlrect.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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